Lucene search
+L

58 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 12:54 a.m.7 views

CVE-2013-5750

The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...

5CVSS6.9AI score0.01232EPSS
Exploits0References1
Veracode
Veracode
added 2025/05/02 5:29 a.m.12 views

Restriction Bypass

@escape.tech/graphql-armor-cost-limit is vulnerable to Restriction bypass. The vulnerability is due to the default enabling of the ignoreIntrospection setting in GraphQL servers, which fails to enforce query cost restrictions when a query or fragment is named schema, allows attackers to bypass co...

7.2AI score
Exploits0
NVD
NVD
added 2024/09/03 8:15 p.m.48 views

CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...

4.2CVSS0.00329EPSS
Exploits0References6
OSV
OSV
added 2024/04/09 7:15 p.m.7 views

CVE-2024-3213

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssiupdatecounts function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive...

8.2CVSS5.9AI score0.0081EPSS
Exploits0References3
NVD
NVD
added 2024/04/09 7:15 p.m.21 views

CVE-2024-3213

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssiupdatecounts function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive...

8.2CVSS5.2AI score0.0081EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/07/07 2:18 a.m.3 views

SUSE CVE-2023-37204

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 115...

6.5CVSS6.2AI score0.00515EPSS
Exploits0References7
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.10 views

Upgraded Q -> 2 from #680 [1683016846473]

Judge has assessed an item in Issue 680 as 2 risk. The relevant finding follows: D. FlashFee is a flat amount, meaning the cost to flash loan an NFT at floor price is the same as one worth 5x the floor price. FlashFee should instead be based on the weigh of the NFT being flashloaned, with more...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/16 12:0 a.m.10 views

Upgraded Q -> 2 from #154 [1676532286167]

Judge has assessed an item in Issue 154 as 2 risk. The relevant finding follows: Quest.claim can risk gas exhaustion on large receipt claims due to multiple mandatory loops function claim public virtual onlyQuestActive if isPaused revert QuestPaused; uint256 memory tokens =...

6.5AI score
Exploits0
NVD
NVD
added 2022/11/14 11:15 p.m.32 views

CVE-2022-40735

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "appropriately short exponents" can be used when there are adequate subgroup constraints, and these sho...

7.5CVSS0.02301EPSS
Exploits0References12
Prion
Prion
added 2022/09/15 3:15 p.m.24 views

Design/Logic Flaw

The login form /Login in ECi Printanista Hub formerly FMAudit Printscout through 2022-06-27 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service DoS by requesting that form repeatedly...

2.6CVSS5.6AI score0.01049EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/09/15 2:3 p.m.63 views

CVE-2022-40306

CVE-2022-40306 affects ECi Printanista Hub (formerly FMAudit Printscout). The /Login form processes expensive RSA key-generation operations, enabling DoS via repeated requests on versions prior to 5.5.2. Remediation: upgrade to 5.5.2+ (or later); as a temporary measure, restrict access to the /Lo...

5.9CVSS5.6AI score0.01049EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/09/15 2:3 p.m.31 views

CVE-2022-40306

The login form /Login in ECi Printanista Hub formerly FMAudit Printscout before 5.5.2 July 2023 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service DoS by requesting that form repeatedly...

5.9AI score0.01049EPSS
Exploits1References3
Kitploit
Kitploit
added 2022/09/02 12:30 p.m.31 views

Aced - Tool to parse and resolve a single targeted Active Directory principal's DACL

Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound permissions, and present that data to the operator. Additionally, the logging...

8AI score
Exploits0References3
OSV
OSV
added 2022/05/24 5:3 p.m.40 views

GHSA-X9GC-P2QP-4P7V Missing permission check in Jenkins Build Failure Analyzer Plugin

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...

4.3CVSS4.3AI score0.00817EPSS
Exploits0References4
OSV
OSV
added 2022/05/17 4:19 a.m.10 views

GHSA-CR49-FX2V-9P57 Symfony Denial of Service Via Long Password Hashing

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a...

5CVSS6.4AI score0.01868EPSS
Exploits0References9
Code423n4
Code423n4
added 2022/05/17 12:0 a.m.11 views

Validate input variables bounds

83 comment Warden: throttle fee variables bounds are not checked. this can lead to expensive mistake --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2022/02/07 10:9 p.m.144 views

LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong

Law enforcement, C-suite executives and the cybersecurity community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs,...

8.8AI score
Exploits0References15
Cvelist
Cvelist
added 2021/11/11 12:0 a.m.209 views

CVE-2002-20001

The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEat or DHEater attack. The client needs very little CPU resources...

7.5AI score0.23061EPSS
Exploits1References13
Code423n4
Code423n4
added 2021/06/01 12:0 a.m.9 views

Uniswap Oracle uses wrong prices

Handle cmichel Vulnerability details The Uniswap oracle uses a mock contract with hard-coded prices to retrieve the price which is not feasible in production. Not sure if this is part of the contest, this will probably still be changed? But note that even when using the "real deal"...

6.8AI score
Exploits0
HackRead
HackRead
added 2021/05/24 5:59 p.m.8 views

Various ways to overcome cybersecurity threats in digital marketing

By Owais Sultan Cyberattacks are always expensive to handle, and no one can predict cybersecurity threats accurately. So what are your options? This is a post from HackRead.com Read the original post: Various ways to overcome cybersecurity threats in digital marketing...

3.2AI score
Exploits0
Rows per page
Query Builder